The firewall of choice is IPCop. IP Cop has several features which are cool, among them are a rock-solid IPTables-based firewall, VPN, Squid Proxy, DHCP, ntpd, and Snort as an IDS. I can also graph my traffic, and see what sites people have visited (like my son). They came out with version 1.4.2 recently, and it's sweet. I should be able to hook up a VPN to it, and I think I'm going to set up a VPN to my house, once I understand how the security works. The machine is an old Dual CPU P2/400 with 512mb RAM, more than enough for a home network. I got it from work when they were giving away their old web caching machines. I think half the technologies staff that has worked for my company in the last few years ended up with one. I mean, they had pallets of these things lying around everywhere. They were like wire coathangers in the computer labs; they just kept breeding. Even in my new job, there are a few lying under the desks of a few techs. They use Tyan motherboards, which I had never heard of before, but everyone says are "really good." I managed to get several broken parts of these machines to make one good one, and took it home for Linux training. "Please! Take several!" said management.
I can't get my "Blue" network to talk to my "Green" or even "Red" network, though. I am sure it's a PEBCAK, but I can't quite figure it out. The short-term solution was just to plug the access point into my Green switch for now, but I wanted a separate network for my wireless. :(
The "wireless" is a new addition to our house, a gift to Christine because she was amazed at wireless at a friend's house. I got that set up after a few hours, and put in every security layer I could think of, with MAC address filtering, turning off SSID, and putting in 128-bit WEP. It still makes me nervous, but in the several days I have had it up, no one's tried to poke their head in.